Backstory: On May 25, the EU enforces its General Data Protection Regulation—rules that will often require firms to gain consent if they plan to use an EU resident’s personal information. It’s thought that it could help clean up the acts of Facebook et al.

The problems: The Times notes, though, that “wary consumers are more prone to trust recognized names with their information than unfamiliar newcomers.” The Journal, meanwhile, says big firms will use “a relatively strict interpretation of the new law ... setting an industry standard that is hard for smaller firms to meet.”

Plus: EU official Věra Jourová points out to the Journal that Google and Facebook “have the money, an army of lawyers, an army of technicians and so on” to make the process of transition realtively easy.

Why it matters: All those factors could mean that smaller firms struggle to accommodate the new rules, while Facebook and Google prosper and consolidate their advertising duopoly.

But: Now more than ever, Facebook and others are under scrutiny about how they use data. While GDPR may play to their advantage in some ways, lawyers, politicians, and activists will be ready to pounce the next time things go wrong.